const { ErrorModel } = require('../model/resModel');
const { exec,escape } = require('../db/mysql');

module.exports = (req, res, next) => {
  // 需要权限的操作一般都是通过post传递参数
  const username = req.session.username;
  const sql = `
        select isAdmin from users where username='${username}'
    `;
  exec(sql).then(rows => {
    // console.log('rootCheck', rows[0]);
    if (rows[0].isAdmin !== 'root') {
      res.json(new ErrorModel('抱歉，当前账号需要相关权限才能进行操作'));
      return ;
    }
    next();
  }).catch(err => {
    res.json(new ErrorModel('权限验证出错'));
    // console.log('权限验证出错:middleWare-rootCheck', err);
  })
};
